From: Kevin <kevinsisco61784@gmail.com>
To: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] BlockPow: A Practical Proposal to prevent mining pools AND reduce payoff variance:
Date: Thu, 19 Jun 2014 13:11:44 -0400 [thread overview]
Message-ID: <53A319D0.9080309@gmail.com> (raw)
In-Reply-To: <53A316BE.5040508@certimix.com>
[-- Attachment #1: Type: text/plain, Size: 7609 bytes --]
On 6/19/2014 12:58 PM, Sergio Lerner wrote:
>
> I propose a setting that prevent mining pools AND reduce payoff
> variance which requires two changes: increasing the block-rate and
> changing the Bitcoin PoW (but still allowing current Bitcoin ASICs to
> work (as far as I know)). The block rate must be increased at least 20
> times and block must still be near full (e.g. there must be at least
> 20 more transactions/second than there is today)
>
> BlockPow is kind of PoW that only practically prevents mining pools
> for certain cryptocurrency settings based on concepts similar to
> parmacoin, but in a much simple degree. The idea is that if miners try
> to join a pool, then they incur in overhead of transmitting
> information and earn less than working solo. Let b (the payload)
> contain a full block. b must contain all the transactions and the
> header, and not only the transaction hashes. b should not hide
> anything. Let h be the block header (which contains the previous block
> hash and the Merkle tree root of the transactions). Let d be the
> difficulty. hash-block-length(b) returns the number of blocks
> processed by the hash function when fed with the block b. The target
> is divided by hash-block-length(b) so that the difficulty does not
> depend on the length of the block. Some other function can be used to
> encourage nodes to add more or less transactions.
>
> Def: Basic BlockPoW concept
>
> For each r in the nonce-range: if H ( H( r || b ) || h || r) ) < 2^-d/
> hash-block-length(b) then return r
>
> return null
>
> The header (h) is appended to the hashed message to allow SPV clients
> to verify the PoW without requiring the full block to be downloaded.
> Peers can send only (x,r,h) to SPV nodes, where x = H( r || b ), so
> they can verify the PoW. The verification procedure is obvious, and is
> skipped here. r is inserted at the beginning of the message to prevent
> pool administrators from keeping a secret mid-state of the hash
> function secret in order to prevent block stealing and also to force
> the miner to know b in the inner mining loop.
>
> So now mining requires the knowledge of the block b to be mined, and b
> must be received at each block-chain epoch. This could create an
> incentive not to include any transaction and use an almost empty b,
> because that way the bandwidth requirements is decreased. But this
> incentive should not exists normally, since by including transactions
> the solo miner gets an additional revenue from fees, which is lost if
> the block is empty. Anyway, to prevent this possible incentive we can
> append to b a subset of previous blocks (e.g 100 blocks). The block
> subset to include could be derived from a peudo-random function seeded
> by the previous block hash. Then a node would still need to download
> part or all the block-chain in order to mine.
>
> Now if the miner wants to be a dumb node and take part of a pool, then
> the current working unsolved block (the template) must be sent each
> time from the pool admin to each miner. If the pool admin hosts 1000
> miners, then to serve them with fresh block templates he needs 1000
> times more bandwidth that the miners, making this much more expensive.
> If miners create another network topology to distribute templates,
> they are incurring in the same overhead as being actively part of the
> cryptocurrency network, so they gain nothing.
>
> For example, in a block-chain with a 5 seconds block-rate, such as in
> NimbleCoin <http://nimbleCoin.org>, each block can be as large as 200
> Kbytes (100 tps are allowed). A miner will require the block template
> to be ready as fast as possible, say before 3 seconds, so as not to
> loose more than 60% of the times the transaction fees present in the
> block template. This means that a pool admin serving 1000 clients must
> have a upload bandwidth of at least 60 Mbytes/sec, and load balance
> servers, because all miners will demand the block template at the same
> time and will compete for it.
>
> The same miner, working solo, will not loose the 60% of block fees. If
> block fees are 10% of block reward, then solo miners earn 6% more than
> pool miners. Also, having a block rate of 5 seconds allows solo miners
> to receive payments more often and so it reduces the payment variance.
>
> This method to discourage mining pools only work as long as time is
> takes to transmit a block is comparable to the block interval time,
> e.g. 20%. This seems not to be a problem since if the cryptocurrency
> becomes popular, then we can expect blocks to be near full, while if
> is is not, then nobody will care about mining pools.
>
> For this method to work for Bitcoin, Bitcoin should reduce the block
> rate to at least 1 minute, and keep blocks of at least 10 Mbytes. Or
> go the NimbleCoin way, and reduce the block interval to 5 seconds. The
> sole reduction of the block rate from 10 minutes to 5 seconds would
> reduce notably the mining reward variance, which is the main reason
> miners don't mine solo.
>
> BitcoinBlockPow
>
> The basic BlockPoW is incompatible with Bitcoin ASICs as is but it can
> be made partially compatible with some tweaks: The value b is replaced
> by a a a subset or an integrity check of the block.
>
> Using a subset:
>
> First the hashMerkleRoot and hashPrevBlock fields are replaced by the
> fields: ChildBlock (32 bytes) and ScatteredBlockBytes (32 bytes).
> ChildBlock is the hash of a message with stores the old hashMerkleRoot
> and hashPrevBlock. ScatteredBlockBytes is a pseudo-random subset of
> bytes taken from the block template being mined. The seed for the
> pseudo-random function that selects the subset is the hashMerkleRoot
> plus the block time. When a miner scans all the 32bit nonce space,
> then a new hashMerkleRoot must be created to increase the extra-nonce
> field or the time must be updated. When this happens, a new subset of
> pseudo-random 32 block bytes must be collected. If the miner only
> stores 10% of the block template (e.g. 100 Kbytes instead of 1 Mbyte),
> then the probability he can build the ScatteredBlockBytes by
> brute-forcing the seed is 10^-32. If the miner performs 100 GH/sec,
> then the 32-bit nonce will overflow every 20 msec and the miner could
> request the ScatteredBlockBytes from the pool admin using a bandwidth
> of 1 Kbyte/s. A pool hosting 6 PH/sec (such as Eligious, which has 8%)
> would need to stream more than 60 Mb/s of ScatteredBlockBytes fields.
> A mining pool having 50% would need to stream 500 Mb/s, which is quite
> challenging. So miners will download the block normally, and become
> active part of the network.
>
> Using an integrity check:
>
> ScatteredBlockBytes is replaced by a field BlockHash defined as H(
> full-block-with-zero-nonce ). Obviously the header must be at the
> beginning of the block to force the re-hash.
>
> Best regards,
> Sergio.
>
>
>
> ------------------------------------------------------------------------------
> HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
> Find What Matters Most in Your Big Data with HPCC Systems
> Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
> Leverages Graph Analysis for Fast Processing & Easy Data Exploration
> http://p.sf.net/sfu/hpccsystems
>
>
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Why do you want to punish pools?
--
Kevin
[-- Attachment #2: Type: text/html, Size: 9516 bytes --]
next prev parent reply other threads:[~2014-06-19 17:11 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-19 16:58 [Bitcoin-development] BlockPow: A Practical Proposal to prevent mining pools AND reduce payoff variance: Sergio Lerner
2014-06-19 17:11 ` Kevin [this message]
2014-06-19 17:37 ` Justus Ranvier
2014-06-19 17:17 ` Mark Friedenbach
2014-06-19 17:35 ` Mike Hearn
2014-06-19 20:26 ` slush
2014-06-19 20:39 ` Mark Friedenbach
2014-06-19 20:55 ` slush
2014-06-19 21:07 ` Mark Friedenbach
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53A319D0.9080309@gmail.com \
--to=kevinsisco61784@gmail.com \
--cc=bitcoin-development@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox